MediaWiki master
ApiQueryTokens.php
Go to the documentation of this file.
1<?php
30
38
39 public function execute() {
41
42 if ( $this->lacksSameOriginSecurity() ) {
43 $this->addWarning( [ 'apiwarn-tokens-origin' ] );
44 return;
45 }
46
47 $user = $this->getUser();
48 $session = $this->getRequest()->getSession();
49 $salts = self::getTokenTypeSalts();
50
51 $done = [];
52 $path = [ 'query', $this->getModuleName() ];
53 $this->getResult()->addArrayType( $path, 'assoc' );
54
55 foreach ( $params['type'] as $type ) {
56 $token = self::getToken( $user, $session, $salts[$type] )->toString();
57 $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
58
59 if ( !$fit ) {
60 // Abuse type as a query-continue parameter and set it to all unprocessed types
61 $this->setContinueEnumParameter( 'type',
62 array_diff( $params['type'], $done ) );
63 break;
64 }
65 $done[] = $type;
66 }
67 }
68
77 public static function getTokenTypeSalts() {
78 static $salts = null;
79 if ( !$salts ) {
80 $salts = [
81 'csrf' => '',
82 'watch' => 'watch',
83 'patrol' => 'patrol',
84 'rollback' => 'rollback',
85 'userrights' => 'userrights',
86 'login' => [ '', 'login' ],
87 'createaccount' => [ '', 'createaccount' ],
88 ];
89 $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
90 $hookRunner = new ApiHookRunner( $hookContainer );
91 $hookRunner->onApiQueryTokensRegisterTypes( $salts );
92 ksort( $salts );
93 }
94
95 return $salts;
96 }
97
110 public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
111 if ( is_array( $salt ) ) {
112 $session->persist();
113 return $session->getToken( ...$salt );
114 } else {
115 return $user->getEditTokenObject( $salt, $session->getRequest() );
116 }
117 }
118
119 public function getAllowedParams() {
120 return [
121 'type' => [
122 ParamValidator::PARAM_DEFAULT => 'csrf',
123 ParamValidator::PARAM_ISMULTI => true,
124 ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
125 ParamValidator::PARAM_ALL => true,
126 ],
127 ];
128 }
129
130 protected function getExamplesMessages() {
131 return [
132 'action=query&meta=tokens'
133 => 'apihelp-query+tokens-example-simple',
134 'action=query&meta=tokens&type=watch|patrol'
135 => 'apihelp-query+tokens-example-types',
136 ];
137 }
138
139 public function isReadMode() {
140 // So login tokens can be fetched on private wikis
141 return false;
142 }
143
144 public function getHelpUrls() {
145 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
146 }
147}
array $params
The job parameters.
getResult()
Get the result object.
Definition ApiBase.php:680
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:820
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition ApiBase.php:1460
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:541
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition ApiBase.php:607
This is a base class for all Query modules.
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Module to fetch tokens via action=query&meta=tokens.
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
getHelpUrls()
Return links to more detailed help pages about the module.
isReadMode()
Indicates whether this module requires read rights.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
getExamplesMessages()
Returns usage examples for this module.
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
This class provides an implementation of the hook interfaces used by the core Action API,...
Service locator for MediaWiki core services.
internal since 1.36
Definition User.php:93
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition User.php:2766
Service for formatting and validating API parameters.
A helper class for throttling authentication attempts.